DEBIAN-CVE-2023-28450

DEBIAN-CVE-2023-28450 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	dnsmasq	0, 0, 0
Debian:12	dnsmasq	2.90-3, 2.89-1, 2.90-1
Debian:14	dnsmasq	0, 0, 0
Debian:11	dnsmasq	0, 2.85-1, 0

Timeline

Mar 15, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-28450 advisory

Open in Interactive Console →